Menu
▾
▴
Re: [Owasp-input-api-developers] Design Doc
|
From: Mark C. <ma...@cu...> - 2002-09-24 14:15:07
|
Cheers. On Tue, 2002-09-24 at 06:27, Chr...@ey... wrote: > Mark, > > I think a version of the Filters API implemented as a Servlet 2.3 Filter > could be useful, and I have proposed such an implementation on this list > in the past. It is something I will work on, but it may not be consistent > with the approach we'll take at the outset, which is to create filters to > be used at boundaries. Just my 2 cents worth but I would suggest you chat the the PM (Gabe) and tech lead (Alex) to ensure its in unison with whats been mutually agreed on, to ensure inclusion with the project release files. > > My thoughts about using an InterceptorFilter in this context is that it > would allow web app administrators to take a declarative approach by > mapping request parameters for specific web resources to specific API > filter functions. That would mean scrubbing all the input before the > Servlet sees it, which is a different approach from filtering at > boundaries. > > I apologize for the email format, but I'm sending this from my work email, > as I do not have access to my other mail right now, and Lotus Notes does > some annoying things I don't have any control over (the sig and formatting > as HTML). > > Chris > > > > > > Mark Curphey <ma...@cu...> > Sent by: owa...@li... > 09/22/2002 02:12 AM > Please respond to mark > > > To: owa...@li... > cc: > Subject: [Owasp-input-api-developers] Design Doc > > > I must of become unsubscribed for some reason so > wasn't getting mail...sorry about that one. > > Design doc looks pretty cool. > > Did you decide on a 2nd initial language ? > > I see a great deal of C CGI still around. I saw > Steves PHP web mail app as well which might be cool. > > In Java would the implementation be done using the > Java Filters package (part of Servlet 2.3 spec) ? > > http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/s > ervlet/Filter.html > > I thought this was interesting as well > > http://java.sun.com/blueprints/patterns/InterceptingF > ilter.html > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Owasp-input-api-developers mailing list > Owa...@li... > https://lists.sourceforge.net/lists/listinfo/owasp-input-api-developers > > > > ________________________________________________________________________ > The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Ernst & Young LLP |
